From 7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Wed, 2 Sep 2020 13:03:54 +0200
Subject: [PATCH] harden redeclipse
---
 etc/profile-m-z/redeclipse.profile | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile
index bb1ad56d3..a29205e14 100644
--- a/etc/profile-m-z/redeclipse.profile
+++ b/etc/profile-m-z/redeclipse.profile
@@ -14,10 +14,14 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.redeclipse
 whitelist ${HOME}/.redeclipse
+whitelist /usr/share/redeclipse
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
@@ -32,8 +36,13 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 disable-mnt
+#private-bin redeclipse,sh,man
+private-cache
 private-dev
 private-tmp
+dbus-user none
+dbus-system none
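Review bot: `whitelist /usr/share/redeclipse` combined with `include whitelist-usr-share-common.inc` puts /usr/share into whitelist mode, so the game's data is reachable only if it is installed at exactly that path. Where a package ships the data in a different directory, the sandboxed game would presumably fail to find its assets, and users tend to respond by dropping the profile rather than adjusting it. A short comment above the line, such as `# game data directory; add further whitelist lines in a local override if it is installed elsewhere`, would help keep the hardening in use. The profile continues outside this hunk, so other paths may already be handled there.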
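Review bot: `#private-bin redeclipse,sh,man` is added commented out with no explanation, so a later maintainer cannot tell whether it was found to break the game or was simply not tested. private-bin is the option that would restrict which executables are visible inside the sandbox, so the reason it stays disabled is worth recording next to it, e.g. `# private-bin disabled: <reason>`. The list also includes `sh` while the profile keeps `shell none` in the context just above the added `tracelog`; if the line is ever enabled, confirm that a shell is actually needed (perhaps by a launcher script) before exposing it.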